[ad_1]
[ad_2]
Hello all,
We run a fairly large site.
For the last few weeks, someone has been continuously injecting malware files with the same name and folder again and again under the plugin directory of our WordPress site.
This leads to the running of unknown ads (google) on our website, only in the mobile version.
We delete the file and then it gets injected again after sometime.
Our hosting and Sucuri both are not able to prevent the issue from reoccurring.
We have done everything possible to strength the security measures on the website.
What is the way to resolve this issue?
Thanks a lot in advance.
You will need to manually check codes in your cPanel file manager for any javascript urls. Also there are many things like file permissions, any user created to attack the site, etc. Generally you need to find any javascript link hidden in any plugin or in your theme code by folowing file permissions. You can also hire an expert to clean out the code and implement strong protection.
If you keep getting hacked, there could be many reasons but a common one you’ll see is people using nulled plugins.
If you’re using them, remove them
You likely have a plugin installed in your site (or another site in your hosting account, if that applies) that contains a vulnerability. Deleting the malware doesn’t remove the vulnerability, as you’ve discovered.
Install Wordfence and run a scan.
Once you’ve determined the cause of the infection, delete all WP files, plugins and theme (keep WP-content/uploads), and reinstall from the source, not a backup.
If your WordPress site keeps getting hacked, it could be due to a compromised admin user. By the past, I had to clean websites with this problem and I always followed those steps with success:
1. **Temporarily take the Site Offline**: Use `.htaccess` to restrict access to your office IP only.
2. **Check Admin Users**: Identify and remove any suspicious users with editing privileges. Change **all** admin passwords.
3. **Update Everything**: Update/re-install WordPress, themes, and plugins.
4. **Run a Security Scan**: Use a plugin like Wordfence to perform a full scan and fix issues.
5. **Check Other Sites**: If you have multiple sites under one cPanel, follow the same steps for all of them all to prevent cross-infection.
I had a similar issue late last year and almost went nuts.
I used sucuri to scan the site then manually trace and delete all the malware files and injected scripts (a very long and tedious task). The malware kept coming back and till date, I don’t know how that happened.
The only solution that worked for me was installing Immunify360 on my server. You should contact your host about it.
Best of luck 👍🏽